PingIntelligence

Changing default settings

For security reasons, you should change the default master key and passwords in API Behavioral Security (ABS).

Before you begin

Make sure that ABS is stopped before changing the keystore password.

About this task

To change the default values:

Steps

  • To change the keystore password, enter the following command.

    The default Java KeyStore (JKS) password is abs123.

    # keytool -storepasswd -keystore config/ssl/abs.jks
Enter keystore password:  abs123
New keystore password: newjkspassword
Re-enter new keystore password: newjkspassword

  • To change the key password, enter the following command.

    The default key password is abs123.

    # keytool -keypasswd -alias pingidentity -keypass abs123 -new newjkspassword -keystore config/ssl/abs.jks
Enter keystore password: newjkspassword

    Start ABS after you have changed the default passwords.

  • Before creating a new abs_master.key, stop ABS by running the stop.sh command.

    # /opt/pingidentity/abs/bin/stop.sh
checking API Behavioral Security status
sending shutdown signal to ABS, please wait...
API Behavioral Security stopped

  • To create your own abs_master.key to obfuscate keys and passwords in ABS, run the generate_obfkey command.

    /opt/pingidentity/abs/bin/cli.sh generate_obfkey -u admin -p admin
Please take a backup of config/abs_master.key before proceeding.
Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh -obfuscate_keys
Warning: Obfuscation master key file
/pingidentity/abs/config/abs_master.key already exists. This command will delete it and create a new key in the same file
Do you want to proceed [y/n]: y
Creating new obfuscation master key
Success: created new obfuscation master key at /pingidentity/abs/config/abs_master.key

  • To change the default admin password, run the update_password command.

    /opt/pingidentity/abs/bin/cli.sh update_password -u admin -p admin
New Password>
Reenter New Password>
Success. Password updated for CLI

  • To change the default access and secret key in MongoDB, stop the ABS nodes and complete the following:

    1. Connect to MongoDB by entering the following command.

      absuser and abs123 are the default username and password for MongoDB.

      mongo --host<mongo-host>--port  <mongo-port>--authenticationDatabase admin -u absuser -p abs123

    2. On the MongoDB prompt, run the following command:

      use abs_metadata
db.auth_info.updateOne( { access_key: "<new-access-key>", secret_key: "<new-secret-key>"} )

    3. Start the ABS nodes after you have changed the default access and secret key.